Open Redirect in Login Redirect in MobSF (CVE-2024-41955)
Update to MobSF v4.0.5.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4

BingoMod: The new android RAT that steals money and wipes data
https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data

Introducing the new Mobile App Security Weakness Enumeration (MASWE).
This brand new OWASP MAS resource bridges the gap between MASVS high-level controls and MASTG low-level testing, using a similar approach to CWEs.
https://mas.owasp.org/news/2024/07/30/new-maswe/

New Fileless Malware Framework "GhostHook" Targets Android Devices
https://iverify.io/post/new-fileless-malware-framework-ghosthook-targets-android-devices

BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities

Heap overflow in JPEG loading in Samsung's Little Kernel in bootloader allows a privileged attacker to execute persistent arbitrary code (it survives reboots and factory reset) CVE-2024-20832
Paper: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
Slides: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf

LianSpy: new Android spyware targeting Russian users
https://securelist.com/lianspy-android-spyware/113253/

Google fixed Kernel RCE vulnerability in Android (CVE-2024-36971) that was most-likely used for targeted exploitation
https://source.android.com/docs/security/bulletin/2024-08-01

5GBaseChecker: a security analysis framework that helps to hunt for 5G vulnerabilities
https://github.com/SyNSec-den/5GBaseChecker

The Way to Android Root: Exploiting Your GPU On Smartphone (CVE-2024-23380)
[slides] https://i.blackhat.com/BH-US-24/Presentations/REVISED_US24-Gong-The-Way-to-Android-Root-Wednesday.pdf

Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html

Android Game Hacking: Increase money in Dude Theft Wars Shooting
https://8ksec.io/hacking-android-games/

Android Vulnerability Impacting Millions of Pixel Devices Around the World
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world

Exploiting Android’s Hardened Memory Allocator
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf

RCE on Xiaomi 13 Pro (CVE-2023-26324)
👉Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell

👉Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf

Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf

The ColorOS Internet Browser (com.heytap.browser) app for Android allows a remote attacker to execute arbitrary JavaScript code
PoC: https://github.com/actuator/com.heytap.browser

Sophisticated phishing method targeted mobile users via Progressive Web Apps (iOS, Android) and WebAPKs (Android) to mimic banking apps. Installing WebAPK apps doesn't warn the victim about installing a third-party application and they even appear to have been installed from the Google Play store
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/

New Android malware - NGate - relays NFC data from victims’ payment cards, via victims’ compromised mobile phones, to attacker's device waiting at an ATM to withdraw cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/

Technical Analysis of Copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara

How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/